search

kjur / jsrsasign

The 'jsrsasign' (RSA-Sign JavaScript Library) is an opensource free cryptography library supporting RSA/RSAPSS/ECDSA/DSA signing/validation, ASN.1, PKCS#1/5/8 private/public key, X.509 certificate, CRL, OCSP, CMS SignedData, TimeStamp, CAdES and JSON Web Signature/Token in pure JavaScript.
https://kjur.github.io/jsrsasign
Other
3.25k stars 645 forks source link

zulutosec cannot convert correctly #538

Closed s1r-J closed 2 years ago

s1r-J commented 2 years ago

zulutosec cannot convert some future times(e.g. '401231235959Z') correctly.

zulutosec uses ~ for cutting off after the decimal point. Bitwise not (~ ) converts integer with more than 32 bits into a 32-bit signed integer. So, '401231235959Z'(Unix time is 2240611199000, more than 32 bits) will be shotened by bitwise not operator and be coverted incorrectly.

Bitwise NOT (~) - JavaScript | MDN

Sample code is following.

const overflowDateStr = '401231235959Z'; // 2040 Dec 31 23:59:59
const overflowDate = new Date(Date.UTC(2000 + parseInt(overflowDateStr.slice(0, 2)), parseInt(overflowDateStr.slice(2, 4)) - 1, parseInt(overflowDateStr.slice(4, 6)), parseInt(overflowDateStr.slice(6, 8)), parseInt(overflowDateStr.slice(8, 10)), parseInt(overflowDateStr.slice(10, 12))))
console.log(overflowDate.getTime());                 // 2240611199000
console.log(jsrsasign.zulutomsec(overflowDateStr));  // 2240611199000
console.log(jsrsasign.zulutosec(overflowDateStr));   // -2054356097

console.log(Math.floor(jsrsasign.zulutomsec(overflowDateStr)/1000));  // 2240611199

Thanks.

kjur commented 2 years ago

Thank you for your report. It will be fixed in the release today.